package org.baeldung.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

@Configuration
@EnableAuthorizationServer
public class AuthServerConfig extends AuthorizationServerConfigurerAdapter
{
    
    @Autowired
    private BCryptPasswordEncoder passwordEncoder;
    
    @Override
    public void configure(final AuthorizationServerSecurityConfigurer oauthServer)
        throws Exception
    {
        oauthServer.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
    }
    
    @Override
    public void configure(ClientDetailsServiceConfigurer clients)
        throws Exception
    {
        clients.inMemory() // 使用in-memory存储
            .withClient("SampleClientId") // client_id
            .secret(passwordEncoder.encode("secret"))// client_secret
            .authorizedGrantTypes("authorization_code")// 该client允许的授权类型
            .scopes("user_info") // 允许的授权范围
            .autoApprove(true)
            .redirectUris("http://127.0.0.1:8082/ui/login", "http://127.0.0.1:8083/ui2/login", "http://127.0.0.1:8082/login")
            .accessTokenValiditySeconds(3600); // 1 hour
    }
    
}
